TOR Tor at the Heart: Flash Proxy

Discussion in 'TOR | TAILS' started by survivalmonkey, Dec 16, 2016.

  1. survivalmonkey

    survivalmonkey Monkey+++

    During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists. Check out our blog each day to learn about our fellow travelers. And please support the Tor Project! We're at the heart of Internet freedom. Donate today!

    Flash Proxy

    Sometimes Tor bridge relays can be blocked despite the fact that their addresses are handed out only a few at a time. Flash proxies create many, generally ephemeral bridge IP addresses, with the goal of outpacing a censor's ability to block them. Rather than increasing the number of bridges at static addresses, flash proxies make existing bridges reachable by a larger and changing pool of addresses.

    "Flash proxy" is a name that should make you think "quick" and "short-lived." Our implementation uses standard web technologies: JavaScript and WebSocket. (In the long-ago past we used Adobe Flash, but do not any longer.)

    Flash Proxy is built into Tor Browser. In fact, any browser that runs JavaScript and has support for WebSockets is a potential proxy available to help censored Internet users.

    How It Works

    In addition to the Tor client and relay, we provide three new pieces. The Tor client contacts the flash proxy facilitator to advertise that it needs a connection. The facilitator is responsible for keeping track of clients and proxies, and assigning one to another. The flash proxy polls the facilitator for client registrations, then begins a connection to the client when it gets one. The transport plugins on the client and the relay broker the connection between WebSockets and plain TCP.

    A sample session may go like this:

    1. The client starts Tor and the client transport plugin program (flashproxy-client), and sends a registration to the facilitator using a secure rendezvous. The client transport plugin begins listening for a remote connection.
    2. A flash proxy comes online and polls the facilitator.
    3. The facilitator returns a client registration, informing the flash proxy where to connect.
    4. The proxy makes an outgoing connection to the client, which is received by the client's transport plugin.
    5. The proxy makes an outgoing connection to the transport plugin on the Tor relay. The proxy begins sending and receiving data between the client and relay.

    From the user's perspective, only a few things change compared to using normal Tor. The user must run the client transport plugin program and use a slightly modified Tor configuration file.


    Cupcake is an easy way to distribute Flash Proxy, with the goal of getting as many people to become bridges as possible.

    Cupcake can be distributed in two ways:

    • As a Chrome or Firefox add-on (turning your computer into a less temporary proxy)
    • As a module/theme/app on popular web platforms (turning every visitor to your site into a temporary proxy)


    Snowflake is a pluggable transport currently in alpha that combines the advantages of Flash Proxy and Meek. Snowflake relies on the WebRTC open framework to enable Real Time Communications in the browser. It has the convenience of Meek, but it can support magnitudes more users with negligible CDN costs. With Snowflake, NATs are no longer a usability barrier - no need for manual port forwarding!

    Continue reading...
survivalmonkey SSL seal warrant canary